Total
371 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6928 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-08-02 | 9.8 Critical |
EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | ||||
CVE-2023-6756 | 1 Thecosy | 1 Icecms | 2024-08-02 | 5.3 Medium |
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. | ||||
CVE-2023-6272 | 1 Thememylogin | 1 2fa | 2024-08-02 | 9.8 Critical |
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. | ||||
CVE-2023-5754 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-08-02 | 9.1 Critical |
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system. | ||||
CVE-2023-4625 | 1 Mitsubishielectric | 126 Fx5s-30mr/es, Fx5s-30mr/es Firmware, Fx5s-30mt/es and 123 more | 2024-08-02 | 5.3 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | ||||
CVE-2023-3669 | 1 Codesys | 1 Development System | 2024-08-02 | 3.3 Low |
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | ||||
CVE-2023-3605 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 6.5 Medium |
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467. | ||||
CVE-2023-3548 | 1 Johnsoncontrols | 2 Iq Wifi 6, Iq Wifi 6 Firmware | 2024-08-02 | 8.3 High |
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | ||||
CVE-2023-3173 | 1 Froxlor | 1 Froxlor | 2024-08-02 | 9.8 Critical |
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | ||||
CVE-2023-2675 | 1 Linagora | 1 Twake | 2024-08-02 | 9.8 Critical |
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. | ||||
CVE-2023-2531 | 1 Azuracast | 1 Azuracast | 2024-08-02 | 9.8 Critical |
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. | ||||
CVE-2023-1665 | 1 Linagora | 1 Twake | 2024-08-02 | 9.8 Critical |
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0. | ||||
CVE-2023-1539 | 1 Answer | 1 Answer | 2024-08-02 | 5.3 Medium |
Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6. | ||||
CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2024-08-02 | 8.8 High |
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | ||||
CVE-2023-0860 | 1 Modoboa | 1 Installer | 2024-08-02 | 7.5 High |
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | ||||
CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2024-08-02 | 6.8 Medium |
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | ||||
CVE-2024-35747 | 1 Contact Form Builder Project | 1 Contact Form Builder | 2024-08-02 | 5.3 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | ||||
CVE-2024-32774 | | | 2024-08-02 | 4.3 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2. | ||||
CVE-2024-32720 | | | 2024-08-02 | 5.3 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56. | ||||
CVE-2024-32676 | | | 2024-08-02 | 5.3 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before 3.0.0. |